CVE Vulnerability

CVE-2018-5258

The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

5.9 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.tecmundo.com.br/seguranca/126192-banco-neon-falha-permite-hacker-acesse-conta-roube-dados-clientes.htm Third Party Advisory
https://radialle.com/cve-2018-5258-writeup-aplicativo-do-banco-neon-para-ios-n%C3%A3o-valida-certificados-ssl-84bed0b0cecb Third Party Advisory
https://gist.github.com/rlaneth/d2203c206d5d5acbdaf6069e78b1d07f Issue Tracking Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:banconeon:neon:1.6.14:*:*:*:*:iphone_os:*:*
Information

Published : 2018-01-17 05:29

Updated : 2018-02-02 04:10

NVD link : CVE-2018-5258

Mitre link : CVE-2018-5258

Products Affected
No products.
CWE
CWE-295

Improper Certificate Validation